Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 3
Message 1 of 3

GitHub App permissions for GraphQL query

Solved! Go to Solution.

I had this query working on my OAuth app with `user:email, repo` scope. It is returning `403 Forbidden` when I auth with GitHub App. Query-

 

{
  viewer {
    repositories(first: 100, ownerAffiliations: OWNER) {
      totalCount
      nodes {
        nameWithOwner
        owner {
          avatarUrl
          login
        }
        languages(first: 10) {
          nodes {
            name
          }
        }
        defaultBranchRef {
          name
          target {
            ... on Commit {
              committedDate
              oid
              message
            }
          }
        }
      }
    }
  }
}

Permissions on the GitHub app-

 

"permissions":{"contents":"read","metadata":"read","pull_requests":"read","repository_hooks":"write","statuses":"read"}

Thanks!

 

2 Replies
Copilot Lvl 3
Message 2 of 3

Re: GitHub App permissions for GraphQL query

From here looks like `metadata` should be enough-

 

https://developer.github.com/v3/apps/permissions/

 

 

Solution
Copilot Lvl 3
Message 3 of 3

Re: GitHub App permissions for GraphQL query

The reason this query doesn't work is that the /repos endpoint returns public repos for the GitHub App's token and the nested query eg /languages breaks the graphql query. The solution is to fetch `/user/:install_id/repos/` and then iterate over returned queries. 

 

imho- public repos shouldn't be returned for GitHub App in the first place as the app could be installed on a public repo in future.